41 matches found
EUVD-2023-41206
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-37302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to...
CVE-2025-53010
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously craft...
CVE-2025-53011
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously craft...
CVE-2025-53012
MaterialX 1.39.2 contains a stack-exhaustion vulnerability in its import processing due to no limit on import chain depth. Nested file imports trigger recursion without depth restrictions, allowing an attacker to crash or stall a process parsing MaterialX files. The issue is fixed in MaterialX 1....
CVE-2025-53012 MaterialX's Lack of Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsin...
CVE-2025-53010 MaterialX's unchecked nodeGraph->getOutput return is vulnerable to NULL Pointer Dereference
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously craft...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. An attacker can cause the application to crash or become unresponsive by supplying a deeply nested chain of imported files, leading to stack exhaustion during parsing. Note: This is only exploitable if the attacke...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the XML parsing process. An attacker can cause a crash by providing a specially crafted MTLX file with deeply nested nodegraph elements, leading to stack exhaustion during recursive parsing. Remediation...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the getShaderNodes function. An attacker can cause a crash by providing a specially crafted MTLX file that triggers a null pointer dereference during shader node parsing. Details Denial of Service DoS...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the getShaderNodes function when processing shader nodes from a crafted input file. An attacker can cause the application to crash by supplying a file that triggers a null pointer dereference during output no...
PT-2025-31591
Name of the Vulnerable Software and Affected Versions MaterialX versions prior to 1.39.3 Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code...
CVE-2023-37254
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format...
CVE-2023-37304
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.39.3 and earlier versions, which stems fro...
PT-2024-12205 · Mediawiki · Mediawiki Cargo Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki Cargo extension versions through 1.39.3 Description: An issue was discovered in the Cargo extension for MediaWiki, where there is mishandling of backticks to smartSplit. Recommendations: For MediaWiki Cargo extension versions throug...
BIT-MEDIAWIKI-2023-37304
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...
GHSA-FMRF-P77G-VV5C MediaWiki Cross-site Scripting vulnerability
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...
CVE-2023-37305
An issue was discovered in the ProofreadPage aka Proofread Page extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces...
UBUNTU-CVE-2023-37300
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...